1 Vote
marbunasells-1793 asked

Setting security key (for ex: YubiKey) as default sign-in method for Azure user?

Hi!

I have two questions about using a security key as MFA in my organization:

1. How can I set the security key as a default sign-in method?

2. How can I disable the option of using SMS as an MFA method for just some users (those who have a security token) and let other users keep using SMS as MFA?

azure-active-directory

0 Votes
AnujRana-1707 answered

Please check the answers to both queries below:

How can I set the security key as a default sign-in method?

You cannot set Security Key as the default login option for users because not all Microsoft applications currently support security-key-based sign-in. E.g.: Azure AD PowerShell, login to Azure AD/Office 365 services on iOS, or even Outlook/Teams etc. running on Windows. Security key (FIDO2) based sign-in is an optional feature, and unless all Microsoft services are compatible with security-key-based login, it won't make sense to force it. Alternatively, you can use MS Authenticator app based sign-in as the default method, as it is supported by all web and modern-authentication-supported clients.

How can I disable the option of using SMS as an MFA method for just some users (those who have a security token) and let other users keep using SMS as MFA?

MFA methods can be set at the tenant level, which means that if you want to disable SMS as an MFA method, you can do it from the MFA settings; however, it will remove this option for all users. I believe the best option will be to keep MFA methods like Authenticator App, OATH token (hard token) and Phone call. SMS is anyway not considered a secure option and should be used only when other, better options cannot be used.

I hope this answers your queries; if not, please let me know and I will try to help you further.



0 Votes
ManuPhilip answered

Hi @marbunasells-1793

Following are the answers.

1. Go to the below section:
   Azure Active Directory > Security > MFA > Getting started > Configure > Additional cloud-based MFA settings
   Select the required verification option(s).

2. To set up different permissions for selected users, you may need to create user groups in AD and assign the required permissions to the group. The following link will guide you to go for conditional access:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa#create-a-conditional-access-policy

Regards,
Manu

